Cable Internet User w/Zone Alarm

Something is forcing all of my programs to connect to 1 or 2 IP addresses on port 53 everytime I make a connection. Zone Alarm records the DNS destinations of these 2 IPs indentified at what appear to be servers or routers within my ISP's network.

ns12.attbi.com
ns13.attbi.com

The other problem is that sometimes my IE will make an outgoing connection to IP 127.0.01 but it actually works when I surf the web. Proxy? I just came from a format and reinstall making sure not to install anything but core components to try and get rid of the problem. I'm still stuck even though I'm guessing its some kinda crap my cable company has setup for its Internet users.

Those IPs are your DNS servers (those attbi.com ones) and your own system (127.0.0.1) respectively. Nothing unusual with that. :)

That helps me... very little.

-.-

ALL programs want to connect to these 2 IPs on port 53. Before a week ago they all wanted to connect to their respective IPs that were set by the makers of each program.

127.0.0.1 refers to my computer (this I know already)
When I press accept to make an outgoing connection with programs they work and I know they are not connecting to my computer. What's going on with this?

Hi MakoFusion,

In order for any program on your system to connect to anywhere on the internet (if you are trying to go to a "named place" such as www.yahoo.com or popserver.isp.com) your system must first query a name server to find out the numeric IP of that hostname. Only then can your program/system proceed to send packets to the appropriate destination. The standard ports for this DNS activity is UDP 53 for most transactions and TCP 53 for longer queries and what are called "zone transfers" which are basically DNS-server to DNSserver communications. What you are seeing is entirely appropriate and necessary. If you did not see it previously then there was some other issue that kept you from noticing it.

Hope this makes things clearer,

Dan

BTW, Welcome to Wilders!

Hi MakoFusion

-{ Quote: " quoting: MakoFusion link=board=21;threadid=10674;start=0#msg69364 date=1056531707]
The other problem is that sometimes my IE will make an outgoing connection to IP 127.0.01 but it actually works when I surf the web. Proxy? " }-

It is normal for IE to establish a UDP connection on localhost (127.0.0.1). Without it, surfing could slow to a crawl.

If what you are seeing is a connection to localhost for TCP, that could be related to something filtering that traffic on your system.

Can you provide more details on the localhost/loopback connection?

Attached is an image showing the normal IE UDP loopback connection, as well as an example of the TCP connection being filtered (in my case by ccPxySvc.exe).

Edit:
If you do not have a portmapper installed, you can check the following out:
Port Explorer (http://www.diamondcs.com.au/portexplorer/)
Vision (http://www.foundstone.com/knowledge/proddesc/vision.html)
Active Ports (http://www.protect-me.com/freeware.html)

Regards,

CrazyM

I am trying to get something hardcore... I dunno if its UDP but ZoneAlarm will ask permission to connect to one of the 2 IPs or 127.0.0.1 everytime.

BTW does anyone have those 2 pages that were posted a while back dealing with the proxy forums where they have hundreds of free proxies and the Russian page to check and see if your proxy is a true perfect proxy?

Found the 2nd page

http://www.samair.ru/proxy/proxychecker/

-{ Quote: " quoting: MakoFusion link=board=21;threadid=10674;start=0#msg69539 date=1056584758]I am trying to get something hardcore... I dunno if its UDP but ZoneAlarm will ask permission to connect to one of the 2 IPs or 127.0.0.1 everytime." }-

Your actual ZA log file should tell you if it is UDP or not. Using one of the portmappers will also show you if it is just the normal IE UDP loopback connection. If it is, there is nothing to worry about.

As mentioned the connections to your ISP's DNS servers is normal and needed. You could try adding those IP's to your trusted zone to eliminate the prompts. Knowing the version of ZA would help as well so those more familiar with it could offer other configuration options.

Regards,

CrazyM

-{ Quote: " quoting: Dan Perez link=board=21;threadid=10674;start=0#msg69484 date=1056572426]
Hi MakoFusion,

Blah blah blah blah blah message about blah blah blah and more blah blah blah blah.

Dan

BTW, Welcome to Wilders!
" }-

Thanks but I am a former member of this board.

heh

Here is knowledge about port 53, UDP

http://www.dshield.org/ports/port53.php

Ari

-{ Quote: " quoting: MakoFusion link=board=21;threadid=10674;start=0#msg69545 date=1056586642]
-{ Quote: " quoting: Dan Perez link=board=21;threadid=10674;start=0#msg69484 date=1056572426]
Hi MakoFusion,

Blah blah blah blah blah message about blah blah blah and more blah blah blah blah.

Dan

BTW, Welcome to Wilders!
" }-

Thanks but I am a former member of this board.
" }-

MF, you could have arrived at a nicer response to Dan for his attempt to help you !! >:(

bill

-{ Quote: " quoting: eyespy link=board=21;threadid=10674;start=0#msg69651 date=1056637719]
-{ Quote: " quoting: MakoFusion link=board=21;threadid=10674;start=0#msg69545 date=1056586642]
-{ Quote: " quoting: Dan Perez link=board=21;threadid=10674;start=0#msg69484 date=1056572426]
Hi MakoFusion,

Blah blah blah blah blah message about blah blah blah and more blah blah blah blah.

Dan

BTW, Welcome to Wilders!
" }-

Thanks but I am a former member of this board.
" }-

MF, you could have arrived at a nicer response to Dan for his attempt to help you !! >:(

bill
" }-

???
Ok....

Thank you Dan the Man! Adds a smile ;D
He thought it funny =)